Oct 20, 2023 - 8:15 a.m.

CVE-2023-4941

2023-10-20 08:15:12
CWE-862
web.nvd.nist.gov
Tags: cve-2023-4941, bear, wordpress, missing authorization, vulnerability, nvd

CVSS3: 4.3 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score: 8 High
Confidence: High

CVSS2: 4 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

EPSS: 0.001 Low
Percentile: 19.2%

The BEAR plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_swap function, which makes it possible for authenticated attackers (subscriber or higher) to manipulate products.

CPE | Name | Operator | Version
pluginus:bear_-_woocommerce_bulk_editor_and_products_manager_professional | pluginus bear - woocommerce bulk editor and products manager professional | le | 1.1.3.3
pluginus:bear_-_woocommerce_bulk_editor_and_products_manager_professional | pluginus bear - woocommerce bulk editor and products manager professional | eq | 1.0.5.1
pluginus:bear_-_woocommerce_bulk_editor_and_products_manager_professional | pluginus bear - woocommerce bulk editor and products manager professional | eq | 1.1.0
pluginus:bear_-_woocommerce_bulk_editor_and_products_manager_professional | pluginus bear - woocommerce bulk editor and products manager professional | eq | 1.0.5
pluginus:bear_-_woocommerce_bulk_editor_and_products_manager_professional | pluginus bear - woocommerce bulk editor and products manager professional | eq | 1.1.2
pluginus:bear_-_woocommerce_bulk_editor_and_products_manager_professional | pluginus bear - woocommerce bulk editor and products manager professional | eq | 1.1.3
pluginus:bear_-_woocommerce_bulk_editor_and_products_manager_professional | pluginus bear - woocommerce bulk editor and products manager professional | eq | 1.0.2
pluginus:bear_-_woocommerce_bulk_editor_and_products_manager_professional | pluginus bear - woocommerce bulk editor and products manager professional | eq | 1.0.3
pluginus:bear_-_woocommerce_bulk_editor_and_products_manager_professional | pluginus bear - woocommerce bulk editor and products manager professional | eq | 1.0.7
pluginus:bear_-_woocommerce_bulk_editor_and_products_manager_professional | pluginus bear - woocommerce bulk editor and products manager professional | eq | 1.1.3.1